DNV GL © 2013 SAFER, SMARTER, GREENERDNV GL © 2013
IATF 16949:2016 Transition ExperiencesIsmael Belmarez & Wendy Parr
1
March 2017
Business Assurance USA
DNV GL and Consultant are acting in cooperation to provide this Webinar purely as an informational session
to attendees and no relationship should be implied between DNV GL and Consultant. Participation in this
Webinar does not construe a request for auditing or certification services nor implies any relationship
between DNV GL and Consultant. DNV GL remains impartial and does not recommend or endorse individual
consulting companies or seek to influence clients in deciding whether to use a consulting company or which
to select.
DNV GL © 2013
Transition Timing Requirements
After 1 October 2017 no audits (initial, surveillance,
recertification or transfer) shall be conducted to ISO/TS
16949:2009.
Organizations certified to ISO/TS 16949:2009 shall transition to
the new IATF 16949, through a transition audit in line with the
current audit cycle for ISO/TS 16949:2009 (i.e. at a regularly
scheduled recertification audit or surveillance audit), according to
the allowable timing requirements defined in the IATF Rules,
section 5.1.1.
2
DNV GL © 2013
Transition Timing Requirements
The timing requirements are as follows:
– Failure to conduct a transition audit according to the timing in
the IATF Rules, section 5.1.1 (or the timing of the
decertification process in the IATF Rules, section 8.4) requires
the organization to start over with an initial certification audit
3
DNV GL © 2013
Transition Audit Requirements
The transition audit shall be the duration of a recertification
audit according to the IATF Rules, Table 5.2.
The transition audit shall be a full systems audit equivalent to
a recertification audit and shall comply with all requirements
defined in the IATF Rules, section 6.8.
A documentation review is required to be performed prior to
the audit. If the information is not provided
prior to the audit additional time will be
added to the transition audit.
4
DNV GL © 2013
Transition Audit Requirements
The Transition audit will include all RSLs associated with the
manufacturing location.
The new certificate will be issued for 3 years once all NCs have
been addressed.
Note1: There is no requirement for auditor rotation at the
Transition Audit
Note2: Organizations are not allowed to
transfer and transition at the same time.
5
DNV GL © 2013
Additional Resources
DNV Automotive Website
– https://www.dnvgl.us/assurance/automotive/index.html
– https://www.dnvgl.us/assurance/automotive/16949changes.html
IATF Website
– http://www.iatfglobaloversight.org/
6
DNV GL © 2013 SAFER, SMARTER, GREENERDNV GL © 2013
IATF 16949:2016 Implementation OverviewWendy Parr
Suggested implementation steps and key requirements
DNV GL © 2013
ISO 9001:2015 & IATF 16949:2016
ISO 9001
IATF 16949
APQPPPAP
FMEA MSA
SPCIATF rulebook
Customer-Specific
Requirements
DNV GL © 2013
IATF 16949 Implementation Overview - Agenda
ISO 9001:2015 Core Implementation Requirements
Noted IATF sustainability requirements
Other noteworthy additions
DNV GL © 2013
Implementation Steps 1- 3
1
Context
2
Interested party needs
3
Scope
While many Quality Management Systems have been in place for some time, these steps must be taken as they
are the foundation of the QMS.
DNV GL © 2013
#1 Context (4.1)
“Combination of internal and external issues that can have an
effect on an organization’s approach to developing and achieving
its objectives.”
ISO 9000:2015
DNV GL © 2013
#1 Context (4.1)
Issues can include positive and negative factors or conditions
for consideration
Understanding the external context can be facilitated by
considering issues arising from legal, technological,
competitive, market, cultural, social and economic
environments, whether international, national, regional or local
Understanding the internal context can be facilitated by
considering issues related to values, culture, knowledge and
performance of the organization
DNV GL © 2013
#1 Context (4.1)
Not required to be documented but must be monitored and
reviewed
Therefore, it is suggested that it be documented (e.g. Quality
Manual)
The registrar uses this information to ensure the scope is
correct and overall risk factors are considered
DNV GL © 2013
#1 Context – How to
SWOT
– Strengths
– Weaknesses
– Opportunities
– Threats
Many organizations have most or all of a context statement
already defined on their web sites
DNV GL © 2013
Context Example
Master Machining Company was founded by Mike Master with a vision to
provide customers with the finest in precision machined parts built with
reliability and excellence without compromise. Located in Chicago, IL,
MMC fabricates a comprehensive range of close tolerance component parts
from steel, aluminum, stainless, titanium, brass, copper and plastic. MMC
prides itself on its unparalleled precision machining techniques, quick
turnaround times and the highest quality, complete-to-print parts.
MMC is proficient at producing low volume prototype to large volume runs
on our state of the art multi-axis CNC machines for hydraulic, automotive,
medical, and other industries.
Continued...
DNV GL © 2013
Context Example
In the manufacturing industry there are many specialists with narrowly
focused core competencies. MMC is confident that we have the best blend
of skills and capabilities that this industry has to offer, in addition we have
assembled the resources and expertise to offer the convenience of a one-
stop, full service shop. We have an excellent relationship with top area
businesses specializing in plating, grinding, honing, heat treating and a lot
of other pre and post machining processes. We leverage our strengths and
those of our partners, saving you missed deadlines, substandard quality,
time and frustration.
end
DNV GL © 2013
#2 Interested Parties (4.2)
“Person or organization that can affect, be affected by, or
perceive themselves to be affected by a decision or activity”.
ISO 9000:2015
Not required to be documented but must be monitored and
reviewed
Therefore, it is suggested that it be documented (e.g. Quality
Manual)
DNV GL © 2013
#2 Interested Parties (4.2)
The registrar uses this information to ensure that processes and
objectives consider all relevant interested parties
DNV GL © 2013
#2 Interested Parties – Example
Interested Party Needs & Expectations
Customers • Product/Service meets specifications• On-Time• Billed correctly• Supply of technical expertise• Prompt resolution of problems
Owner • Make money• Image in marketplace
Employees • Make money• Desirable place to work• Career advancement
External Providers • Clear requirements• On-time payment• Required lead time
DNV GL © 2013
#3 Scope (4.3)
No significant changes in the requirement of the standard
Confirm that it is correct as changes sometimes occur over
time
– Supporting functions
– External locations
– Products
– Exclusions? i.e. product design
– Customer-Specific Requirement
Consult with your registrar if there are questions
DNV GL © 2013
# 4 Process Definition (4.4)
a) determine the inputs required and the outputs expected from
these processes;
b) determine the sequence and interaction of these processes;
c) determine and apply the criteria and methods (including
monitoring, measurements and related performance indicators)
needed to ensure the effective operation and control of these
processes;
d) determine the resources needed for these processes and ensure
their availability;
DNV GL © 2013
# 4 Process Definition (4.4)
e) assign the responsibilities and authorities for these processes;
f) address the risks and opportunities as determined in accordance
with the requirements of 6.1;
g) evaluate these processes and implement any changes needed to
ensure that these processes achieve their intended results;
h) improve the processes and the quality management system.
DNV GL © 2013
# 4 Process Definition (4.4)
Before you can perform a risk assessment, you must have
good process definition
Process Identification / Procedure template
– Inputs/outputs
– Sequence and interaction
– Criteria and methods to ensure effective operation and
control
– Resources
– Responsibilities
– Risks and opportunities
– Objectives
DNV GL © 2013
If your current process diagram looks something like this, you probably have not defined your processes adequately
DNV GL © 2013
Customer
Quoting and Contract ReviewQP01
Production controlQP03
Quality Planning
QP02
Purchasing / Supplier ControlQP04
ProductionQP05
Outsourced -Packaging
ShippingQP06
Customer
Support Processes
Document / Record Control QP07
Management Review QP08
Maintenance
Calibration QP09
Internal Audit QP10
Control of Nonconforming Product QP11
Corrective and Preventive Action QP12
Corporate IT
Corporate Accounting
Corporate HR
Product Design QP13 If your process
diagram looks more like this, you likely have a good understanding of processes
DNV GL © 2013
#5 Risk Assessment / Analysis
IATF 16949 requires the risk analysis to be retained as
documented information (6.1.2.1)
Applies to all processes; not just PFMEA
Options:
A – Risk assessment for all processes together
B – PFMEA + risk assessment for all other processes
DNV GL © 2013
Risk Assessment Process
Inputs
Historical Nonconformances*
“Data”
Potential Risks
Process Outputs
Risk Assessment
Results
Management Review
ISO 9001 9.3.2-e
Corrective Action Process
ISO 9001 10.2.1-e
Add controls / improve Process
Risk Assessment
Tool
QA
TM
*Nonconformances: Lessons learned from product recalls, product audits, field returns and repairs, complaints scrap and rework (6.1.2.1)
DNV GL © 2013
Risk Assessment Methodology Version:1
Process #
Process Name
Potential FailuresPotential
Consequence
Severi
ty
Potential Cause of Failure
Lik
elihood
Current Prevention /
controls
Current Detection Methods
Dete
ction
RPN
SP1.1
Planning Contract
Services -sampling
unacceptable sample
lost sale 3Incomplete, inaccurate
Sample Request2
Completion of Sample Request
Form prior to sample run
1st piece visual inspection, weight, & durometer
1 6
unacceptable sample
lost sale 3
Personnel have insufficient
training and/or knowledge
3General Training
and general procedure
1st piece visual inspection, weight, & durometer
1 9
SP1.2
Planning Contract
Services -1st time production order
nonconforming production parts
rework / additional labor /
late shipment2
Insufficient documentation of
sample run / inadequate planning
2
Complete sample outputs:
Approved Sample Report, notes,
pictures, drawing changes
1st piece visual inspection, weight, & durometer
1 4
parts not to customer
specifications
customer dissatisfaction
3Overlooking customer
requirements2
Quality Planning Review / release of Pre-production
form
1st piece visual inspection, weight, & durometer
1 6
parts not to customer
specifications
customer dissatisfaction
3
Personnel have insufficient
training and/or knowledge
3General Training
and general procedure
1st piece visual inspection, weight, & durometer
1 9
SP2.2
Quoting & Order
Acceptance -
Quoting(chemical
s)
incorrect information to
customer
customer dissatisfaction
3Pricing Data inaccurate
1documented
quote required
President / Project
Coordinator reviews/approves
1 3
incorrect information to
customer
customer dissatisfaction
3
Personnel have insufficient
training and/or knowledge
1
System mistake-proofs process
and procedure is detailed
President / Project
Coordinator reviews/approves
1 3
DNV GL © 2013
Severity of failure ratings:
1 - little impact on customer / company
2 - medium impact on operational efficiency and/or KPIs / little impact on customer
3 - customer satisfaction impacted
Likelihood of failure ratings:
1 - has not happened in past and not very likely to happen in future
2 - has happened in past but not very likely to happen in future
3 - has occurred and has potential to occur in future
Detection of failure ratings:
1 - detection of failure extremely likely, prior to customer impact
2 - detection of failure somewhat likely
3 - detection of failure unlikely
• This is NOT a FMEA; any scale and definition can be selected• Do address loss of knowledge as a potential risk in each
process (ISO 9001:2015, 7.1.6)
DNV GL © 2013
Risk Treatment
Process # Recommended ActionResponsibility /
Target Completion
Action taken
Severit
y
Occu
rren
ce
Dete
cti
on
RPN
SP1.1
SP1.2
Preventive Action (6.1.2.2)
The Risk Assessment can
be used as justification for the controls you
have in place
Co
ntr
ols
Documented procedures
Records
Process measures / objectives
Resources: personnel, system,
tools, etc.
DNV GL © 2013
Recap
1
Context
2
Interested party needs
3
Scope
4
Processes Definition
5
Risk Assessment
6
Controls
Suggested next step: Self-assessment / gap analysis• Matrix on where each requirement is addressed in QMS
(Note 7.5.1.1.d)• Matrix on customer-specific requirements (7.5.1.1.d)
DNV GL © 2013
Quality Manual (7.5.1.1)
Step 1:
Step 2:
– Context
– Interested parties
– Quality Policy
– Scope *
– Reference to documented requirements *
– Process sequence and interactions (inputs & outputs) & extent
of control of any outsourced processes *
– Matrix of where CSRs are addressed *
– Matrix of where IATF requirements are addressed
* required
DNV GL © 2013
IATF Sustainability Requirements
Product Safety 4.4.1.2
– Documented process for management of product-safety
related products and manufacturing processes.
– Suggest logical groupings of products and a matrix to
address a – m
– Address those areas where needed e.g. matrix points to
controls
Corporate Responsibility 5.1.1.1
– Anti-bribery, code of conduct, ethics escalation
– Typically found in employee manual
DNV GL © 2013
IATF Sustainability Requirements
Contingency Plans 6.1.2.3
– Defined according to risk and impact to customer
– Annual reviews / document control
– Specific potential failures to be addressed
– Customer notification process
– end
DNV GL © 2013
Management Of Change (6.3)
When the organization determines the need for changes to the
quality management system, the changes shall be carried out in
a planned manner.
The organization shall consider:
a) the purpose of the changes and their potential
consequences;
b) the integrity of the quality management system;
c) the availability of resources;
d) the allocation or reallocation of responsibilities and
authorities.
DNV GL © 2013
Management Of Change (6.3)
Determine scope of MOC process
– Changes to facility, equipment
– Vendors / supplied product
– Personnel changes
– Legal requirements
Create process for ensuring that changes are effectively
communicated and implemented across all processes
Typically there would be a form and log which implies a
resource to monitor
Changes to the product realization process and temporary
changes - additional verification / validation requirements
(8.5.6.1) – typically ECN
DNV GL © 2013
Competency (7.2)
“appropriate training records” vs “records of competency”
– Records of competency: Tests scores, certification where
tests / evaluations were required, evaluations of supervisors
/ trainers
Documented roles, responsibilities and authorities, process
owners, awareness (5.3)
– Suggest RACI Approach (Responsible, Accountable,
Consulted, Informed)
DNV GL © 2013
Embedded Software
If the product has embedded software, there are multiple
requirements, from product design through internal audit,
which need to be addressed.
DNV GL © 2013
Suppliers / Risk (8.4)
This section has significantly enhanced requirements which
suggests that the traditional methods used by organizations to
select and control suppliers has not been especially effective
Suggest a product/service risk assessment followed by an
individual supplier assessment for higher risk external providers
DNV GL © 2013
Suppliers / Risk (8.4)
– A risk methodology will help the organization focus on those
products and services which need more attention
– And, focus on external providers who present the most risk to
the organization, safety, interested parties, etc.
– Risk factors to consider are specified in 8.4.1.2
DNV GL © 2013
SAFER, SMARTER, GREENER
www.dnvgl.com
Contact Us
Ismael Belmarez, Accreditation Manager, NA
Wendy Parr, Global-Certified Lead Auditor, Parr Consulting, LLC
847-542-2128